From 7660b558b4d8f5de75f53779943af84606b97d71 Mon Sep 17 00:00:00 2001
From: Julian Maurice
Date: Fri, 8 Jan 2021 10:58:45 +0100
Subject: [PATCH] Bug 27336: Sanitize correctly HTML id
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Valid characters are alphanumeric characters (a-zA-Z0-9), hyphen (-) and underscore (_) https://www.w3.org/TR/CSS21/syndata.html#value-def-identifier All invalid characters will be replaced by '_' Test plan: 1. Go to Administration » System preferences and click on 'Searching' tab 2. You should see a console error (Uncaught Error: Syntax error, unrecognized expression: #collapse_Did_you_mean/spell_checking) 3. Apply patch 4. Make sure the error is gone 5. prove t/Koha_Template_Plugin_HtmlId.t
Signed-off-by: Owen Leonard
Signed-off-by: Nick Clemens
Signed-off-by: Jonathan Druart
(cherry picked from commit d89f6027be001d537b0eb73ea3fb4641d5fcd292)
Signed-off-by: Fridolin Somers
---
Koha/Template/Plugin/HtmlId.pm | 28 +++++++++++++++++++
.../prog/en/includes/prefs-menu.inc | 3 +-
.../prog/en/modules/admin/preferences.tt | 7 +++--
t/Koha_Template_Plugin_HtmlId.t | 25 +++++++++++++++++
4 files changed, 59 insertions(+), 4 deletions(-)
create mode 100644 Koha/Template/Plugin/HtmlId.pm
create mode 100755 t/Koha_Template_Plugin_HtmlId.t
diff --git a/Koha/Template/Plugin/HtmlId.pm b/Koha/Template/Plugin/HtmlId.pm
new file mode 100644
index 0000000000..13fc9e8500
--- /dev/null
+++ b/Koha/Template/Plugin/HtmlId.pm
@@ -0,0 +1,28 @@
+package Koha::Template::Plugin::HtmlId;
+
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see .
+
+use Modern::Perl;
+
+use parent qw( Template::Plugin::Filter );
+
+sub filter {
+ my ( $self, $text ) = @_;
+
+ return $text =~ s/[^a-zA-Z0-9-]+/_/gr
+}
+
+1;
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/prefs-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/prefs-menu.inc
index 7024bd0ae2..055069e75c 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/prefs-menu.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/prefs-menu.inc
@@ -1,3 +1,4 @@
+[% USE HtmlId %]
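Review bot: In `filter`, the substitution `s/[^a-zA-Z0-9-]+/_/gr` is many-to-one, so distinct inputs such as `a/b`, `a b` and `a__b` all become `a_b` and two elements can end up sharing one id. The class also omits `_`, which the commit message lists as valid; `return $text =~ s/[^a-zA-Z0-9_-]+/_/gr;` keeps existing underscores intact and adds the trailing semicolon. A leading digit passes through unchanged, which the CSS 2.1 identifier rule linked in the message does not allow, so the result is only a valid selector after a fixed alphabetic prefix; the calling templates are outside this hunk, so whether every caller adds one cannot be confirmed here. I would add a short POD section stating that the output is an id fragment restricted to `[A-Za-z0-9_-]`, that the mapping is lossy, and that callers must supply a letter prefix and ensure uniqueness themselves.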